Cyber crime, which includes ransomware, social engineering, and data theft, has increased 300% post-pandemic. Cyber attacks have struck businesses of all sizes and sectors this year, causing millions of dollars in damages. To reduce attacks, enterprises must harden their security systems and invest in comprehensive cyber security strategies. Here’s a quick look at some of the top cyber liability claim examples in 2022.
Ransomware
In ransomware attacks, cyber criminals use malware to encrypt an organization’s data in exchange for a ransom. According to an industry study, ransomware is the number one driver of Cyber Insurance claims. Let’s take a look at this year’s biggest ransomware headlines.
Nvidia
In February 2022, the largest gaming microchip company in the United States reported a ransomware attack that compromised employee data and proprietary information. The threat actors from the ransomware group Lapsus$ claimed to have access to a terabyte of the company’s data. They threatened to release confidential information if Nvidia didn’t pay up. The company responded by hardening its security measures and hiring cyber experts to contain the attack.
Bridgestone
The global tire manufacturer, a major supplier of tires for Toyota vehicles, was hit by a ransomware attack by the LockBit ransomware group in the first quarter of 2022. The cyber attack forced the company to halt its production in North and Middle America for an entire week and shut down its computer network. The perpetrators released a countdown in March, threatening to leak stolen data if the company failed to pay the ransom.
Denso Corp, another Toyota supplier, was hit by a ransomware attack 11 days later. These cyber insurance claims scenarios demonstrate the increased interest of cyber criminals in attacking manufacturers and major supply chains, emphasizing the importance of maintaining the same standards of security across business partnerships.
Social Engineering
According to an industry survey, 75% of businesses consider social engineering/phishing attacks as their organization’s top cyber security threat. However, unlike other cyber crimes, these attacks exploit human error, making them more challenging to combat.
Twilio
On August 4, 2022, the cloud-based communication provider reported a breach via a social engineering attack on its employees. The perpetrator used stolen credentials to access the company’s systems. Twilio employees then received messages appearing to have come from the company’s IT department, reporting that their passwords had expired or their schedules had changed. The message required them to sign in again, taking them to an impersonated Twilio sign-in page controlled by the attacker.
The company responded to the attack by revoking access to the compromised employee accounts, working with U.S. carriers to shut down the actors, and hiring a forensics firm to investigate.
Cisco
Leading IT networking company Cisco reported a compromise in its system on May 4, 2022, due to a sophisticated social engineering attack on one of its employees. The threat actor conducted voice phishing attacks, disguising itself as several trusted organizations to lure the victim into accepting authentication push requests sent on the target’s device. The attacker gained access to the employee’s personal Google account, which contained the Cisco employee credentials synchronized in the victim’s browser. The threat actor was able to log in to multiple systems, alerting the company’s response team of the breach.
The company employed the help of law enforcement, updated its security products, and shared Indicators of Compromise (IOCs) with other parties to mitigate future attacks. These social engineering cyber liability claim examples encourage businesses to rethink their cyber security policies and how they implement them across the organization.
Data Breaches
Apart from ransomware and social engineering attacks, below are some other Cyber Insurance claim examples that made headlines this year.
LastPass Hack
LastPass is a password manager with more than 33 million users. Through an advisory posted on August 25, 2022, LastPass CEO Karim Toubba revealed that an external attacker had stolen source code and proprietary company information after breaking into its systems. The company assured its users that the threat actors did not have access to their master passwords, and it hired a cyber security team to enhance the source code safety of the organization. That was the second cyber attack on LastPass, as a hacker successfully accessed its networks in 2015.
Health Care Data Breaches
While the health care industry has always been a lucrative target of ransomware actors, data breaches are also common in this sector. For example, Massachusetts-based health provider Shields Health Care Group reported suffering a data breach in March 2022. An estimated 2 million people were affected, and their names, Social Security numbers, addresses, birth dates, medical information, and billing information were compromised.
In the first half of the year, Texas-based providers Baptist Health System and Resolute Health Hospital and Arizona-based providers Yuma Regional Medical Center and Kaiser Permanente disclosed similar breaches.
Help Your Clients Mitigate Cyber Threats by Partnering with ProWriters
This year’s cyber liability claims examples highlight the dangers that today’s threat landscape poses to enterprises of all sizes and industries. A successful hack can ruin a company’s reputation and finances. However, ProWriters offers comprehensive Cyber Insurance that covers losses from a cyber attack.
At ProWriters, we give brokers like you the resources and tools you need to become the Cyber Insurance experts on whom your clients can rely. Reach out today to learn how we can elevate your broker services, or download our free resource: Cyber Exposure: What’s the Real Cost?
